Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webcalendar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-3961
export_handler.php in WebCalendar 1.0.1 allows remote malicious users to overwrite WebCalendar data files via a modified id parameter.
Webcalendar Webcalendar 1.0.1
NA
CVE-2005-3982
CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote malicious users to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.
Webcalendar Webcalendar 1.0.1
1 EDB exploit
NA
CVE-2005-3984
SQL injection vulnerability in WebCalendar 1.0.1 allows remote malicious users to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949.
Webcalendar Webcalendar 1.0.1
NA
CVE-2012-5384
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote malicious users to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] vari...
Webcalendar Project Webcalendar -
5.3
CVSSv3
CVE-2013-1422
webcalendar prior to 1.2.7 shows the reason for a failed login (e.g., "no such user").
Webcalendar Project Webcalendar
6.1
CVSSv3
CVE-2024-22635
WebCalendar v1.3.0 exists to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
Webcalendar Project Webcalendar 1.3.0
6.1
CVSSv3
CVE-2017-10840
Cross-site scripting vulnerability in WebCalendar 1.2.7 and previous versions allows an malicious user to inject arbitrary web script or HTML via unspecified vectors.
Webcalendar Project Webcalendar 1.2.7
4.9
CVSSv3
CVE-2017-10841
Directory traversal vulnerability in WebCalendar 1.2.7 and previous versions allows authenticated malicious users to read arbitrary files via unspecified vectors.
Webcalendar Project Webcalendar 1.2.7
NA
CVE-2008-1954
SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the user_id parameter.
Webcalendar Web Calendar Pro
Webcalendar Web Calendar Pro 4.0
1 EDB exploit
NA
CVE-2010-0636
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions prior to 1.2.5, allow remote malicious users to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.ph...
K5n Webcalendar 1.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »